Security :: Vsftpd Anonymous Write To Anon_root?

Mar 24, 2011

Obviously it's at least difficult, but I'm interested in knowing if it's theoretically possible to allow anonymous users of vsftpd to upload to the same directory that anon_root is set to. If it's not then it's no big deal, I'm just trying to get a sense of the range of possibilities.


Software :: VsFTPd Anonymous Read / Write Configuration?

Mar 13, 2011

I just want to configure Vsftpd to allow users to have total access to the FTP server. The server and users are all on a private LAN behind a router with no access from the Net, so I don't need any security. The following basic configuration doesn't allow uploading files after I log on as anonymous/whatever:

/etc/vsftpd/vsftpd.conf
Code:
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
xferlog_file=YES

#anonymous users are restricted (chrooted) to anon_root
#anon_root=/home/ftp/incoming
anon_root=/var/ftp
anon_upload_enable=YES
anon_mkdir_write_enable=YES

#chroot_local_user=NO
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list

Here's what happens when I log on as anonymous/whatever and try to upload a file:
> ftp server
Connected to server.
220 (vsFTPd 2.0.5)
Name (server:root): anonymous
331 Please specify the password.
Password:<whatever>
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

ftp> ls -al
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x 3 0 0 4096 Mar 13 11:19 .
drwxr-xr-x 3 0 0 4096 Mar 13 11:19 ..
drwxr-xr-x 2 0 0 4096 May 25 2010 pub
226 Directory send OK.

ftp> put /var/tmp/ftp
local: /var/tmp/ftp remote: /var/tmp/ftp
200 PORT command successful. Consider using PASV.
553 Could not create file.


Ubuntu Security :: Allowing Non-anonymous Uploads With Vsftpd?

Feb 2, 2010

Hope you can help me out. I'm trying to set up a "drop-box" on Ubuntu 9.10 server with vsftpd. I'm able to log in and land in the /home/user directory, however I cannot write anything.


Fedora :: Installed Vsftpd By "yum -y Install Vsftpd",disabled Anonymous Login And Set?

Feb 5, 2010

I have installed vsftpd by "yum -y install vsftpd", disabled anonymous login and set . When I use a Linux client's file browser to log in using a user account "ftpacc" by ftp://ip_address, its location is "/" instead of "/home/ftpacc". When I use a Windows client to log in, its location is "/home/ftpacc".


Server :: Vsftpd Access Allow For Anonymous?

Sep 4, 2010

vsftpd is working fine in my network with the anonymous user, but I need to access it from outside; all the settings are done on the router. I am getting a page to access FTP from outside, but only for FTP users, not the anonymous user. How will I give permission to access FTP to the anonymous user?


Ubuntu Servers :: Public - Anonymous FTP With Vsftpd

May 19, 2010

In my house I have a small computer running ubuntu karmic that works as a server/media center.

I would like to have a folder (my ~/public folder) openly available to the entire world via anonymous ftp.

I have read somewhere that the default vsftpd config is basically this: no local user login, anon only and sharing a folder called /home/ftp, but I can't get this to work.

Here is my /etc/vsftpd.conf file:

Code:


Ubuntu Servers :: Add Files (and Where) For Anonymous Download - Vsftpd

Jan 17, 2011

How to add files (and where) for anonymous download? I installed vsftpd and configured the /etc/vsftpd.conf file... just a few common options like allowing anonymous, download, upload. And now I can log in with anonymous. But I don't know what to do next; I want to try to download and upload files.


CentOS 5 Networking :: Can't Get Vsftpd To Accept Anything But Anonymous Connections

Jun 5, 2010

This is on Centos 5.3 by the way..... I had a DVD and, well, just wanted to test some things.. I'm aware that this is not the latest release.

And, by the way (I just read an earlier post) I've added the username and password with which I'm trying to login (..hello?).

I'm at work and I don't have a copy of my Vsftpd configuration file (don't wanna edit this whole thing - actually there is a copy, below). I've used Slackware for years and never had any issues with Vsftpd - it just works. I am trying Centos because I need help with upgrading my mail server (qmail) and there's not much help for Slackware users. Also, I used to run RHEL3 and had vsftpd working fine (had to copy some file to /etc/pam.d) but it worked famously. I compiled all my web server stuff (just don't like these default things where I have no idea how things are integrated) and I'm hung up on - of all things - vsftpd.

Anyway....When I try to log into my ftp server I get "KERBEROS_V4 rejected as an authentication type" and only the anonymous account works. Any other logins produce an error (incorrect login - see ya' later). I have SE Linux and the firewall OFF. I don't recall the directive, precisely, but my vsftpd.conf file is set allow local users to connect. I installed with yum and it added some lines at the bottom (one was about a user list and the other was about PAM). I've got a chroot list and a user list although it's not clear to me precisely where the user list should be placed. I actually uninstalled the RPM and compiled, too. I've done everything but call an exorcist. And I've found tons of posts regarding this on the net and none of the fixes worked. Man - on slackware you type "make" and "make install" (I build it with tcp_wrappers) and you're off to the races.

Actually - I did upload the vsftpd.conf file to work (where I'm at, now). Minus lines that were commented out it looks like this:

Could it, possibly, be something about how I am adding the user, the shell type, etc? I know that in Redhat I used to type "/usr/sbin/useradd -d /home/someuser joe". I've done it that way and I've also done it like so: "useradd -d /home/schmoe -s /bin/bash schmoe".


CentOS 5 Server :: VSFTPD - Unable To Authenticate As Anonymous User

May 4, 2010

I am attempting to configure vsftpd to allow anonymous users to PUT files into a shared incoming directory. This would be like a dropbox for my customers. Ideally, the incoming directory's contents would not be viewable by the users.

I believe that refused connection is due to the PAM configuration for vsftpd.

May 4 08:03:16 WSVM-S1-1 sshd[1512]: Invalid user anonymous from xxx.xxx.xxx.xxx
May 4 08:03:16 WSVM-S1-1 sshd[1513]: input_userauth_request: invalid user anonymous
May 4 08:03:16 WSVM-S1-1 sshd[1512]: pam_unix(sshd:auth): check pass; user unknown

[Code].....


Fedora Networking :: Getting Vsftpd Running With Both Anonymous And Local User Access To The Same Folder

Aug 14, 2009

I'm trying to get vsftpd running with both anonymous and local user access to the same folder. The directory I'm using is /tftp with the following permissions:

dr-srwxrwx 7 root root 12288 2009-08-14 15:54 tftp

My vsftpd.conf is this:

anonymous_enable=YES
local_enable=YES
write_enable=YES

[code]....

I set the default "ftp" user's home directory to /tftp (was /var/ftp).


General :: Security - Allow Anonymous Ssh Login To A Box And Only Run One Program?

Feb 25, 2011

I have a text-based game installed on a Linux server, and I would like to allow logins on that server via SSH, but with restrictions. The login should go directly to the game, which reads keyboard input from stdin. If the game quits, the user should be immediately disconnected from the server. Alternately, if the user logs in there should only be one command available to the user, the game. I have thought about using a web-based interface to the game, but there is something about playing the game in a terminal that just feels right. Please don't reply with "this is a bad idea..." or its variants because that is an easy out. I just want to know if anyone knows of a solution.


Ubuntu Networking :: No Write Access With Vsftpd?

Aug 19, 2010

I have a server and I'm trying to use FTP to edit my website with Dreamweaver. I'm using vsftpd and I have access where I can read all the files but I can't add any. Any clues?


Security :: Write A Shell Script Setup Security Policies?

Feb 3, 2010

Is there a way to delete files on the commandline that uses the KDE-Wastebin? It appears that I never ever need the KDE4 Wastebin for files that I deleted through Konqueror or Dolphin. It is only when I delete files on the konsole with rm that I wish I could undelete them. It always happens like that, mostly by being in the wrong directory or using a wildcard when I should not have. (I don't have any erroneous deleted file right now, and I do have plenty of backups, but I just wonder whether there is something better than rm to use generally on the commandline.)


General :: SElinux Security Context Type & Booleans In FTP/vsftpd?

Sep 13, 2010

What are the SELinux security context type & booleans in FTP/vsftpd?


CentOS 5 :: Security On Tftp Server (vsftpd) - Permission Denied

Jun 13, 2009

I am trying to wade through the semanage jungle to get permissions for a tftp client. I followed the HowTos [URL] but I get the following at the client:

tftp> status
Connected to 192.168.1.101.
Mode: netascii Verbose: off Tracing: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> get hello.o4
tftp: hello.o4: Permission denied

I finally figured out that the firewall directives shown at the end of the HowTo refer to semanage, although the options are stated incorrectly according to the man page for semanage. I did ensure that the file hello.o4 in /tftpboot has read permission for everybody.


Security :: Access Dom0 Files During Vsftpd Server From DomU During Ftp Client

Aug 24, 2010

I have CentOS 5.5 distribution with Dom0 and DomU installed. I try to access Dom0 files during vsftpd server from DomU during ftp client. I successfully login with root and simple user, but when I try to list (or cd to some directory) in user home the SELinux prevent it from me. I get this in audit.log:

[Code]....


Server :: Starting Vsftpd For Vsftpd: 500 OOPS: SSL: Cannot Load RSA Certificate?

Feb 10, 2011

Any clue? I'm using the same key for root login and it works fine (also works fine for SFTP but I hate using that because it's extremely slow).


CentOS 5 :: VSFTPD & CHCON - Returns The Error: /usr/bin/chcon : Couldn't Compute Security Context From Unlabeled?

Apr 8, 2011

The script "vsftpd_virtualuser_add.sh" from the guide here:

http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users

executes the following line: /usr/bin/chcon -t public_content_rw_t $HOMEDIR/$USERNAME

which returns the error: /usr/bin/chcon: couldn't compute security context from unlabeled

Login attempts are unsuccessful on the given username. I followed the instructions on that page verbatim. I can't find anything useful on that error anywhere - even outside of vsftpd context. This is a new CentOS 5.5 server - updated everything with yum. VSFTP worked fine on the last server, which was a CentOS 5.x.


Fedora Security :: Cryptset - Can't Read Or Write

Jul 28, 2011

So I have just set up my cryptsetup. I can open/mount it by either "cryptsetup luksOpen" or just clicking on the partition from the "Places" tab and it will ask me for a password and all.

The only problem is that I can't read or write to it at all. Everything is probably root, which isn't useful to me.

So how can I change it so that when I do either of those 2 methods for opening it, I can just fully use it, read and write and everything? As my user.


Ubuntu Security :: Can To Write Block All But NOT Rule For UFW?

Jul 23, 2011

For example, can I write something to the effect: block all outbound UDP connections over port 53 except those going to IP 123.456.789. Or stated another way: Block outbound to port 53/udp NOT going to ip address 123.454.678. Is it possible to do this? How would I write the argument?


Security :: Group Can Read, Write, But Not Delete?

Oct 14, 2010

Long time reader, first time poster. I've got, what has become to me, a brain bender. It seems ACLs are the best way to go, but I am not 100% sure. Each user should be able to create files and modify each other's files, but should not be able to delete anyone else's files in a directory. chmod -1777? setfacl?


Security :: SELinux Module To Allow Snmpd To Write To /tmp?

Aug 11, 2010

I am using the "extend" function of snmpd to run a script in order to extend a monitoring platform. This script being run by snmpd needs to write to a file in /tmp for later parsing, but SELinux is stopping it from writing to the file under /tmp. The following two lines from my audit.log file show what is happening:

Code:
type=AVC msg=audit(1281516573.123:18422): avc: denied { write } for pid=6933 comm="test2.sh" name="tmp" dev=dm-0 ino=1474561 scontext=root:system_r:snmpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

[Code]..


Ubuntu Security :: Wordpress Permission To Write To Files?

Nov 9, 2010

I am having difficulties assigning permission for wordpress to write files. I am having problems with the permalink within wordpress and I think it might be because of the level of permission wordpress has. Currently on my system I need to set permission to 777 in order for wordpress to write to the .htaccess file.

I am running my website on a Ubuntu machine. Version 10.10 Apache2 2.2.4

However, when I leave the permission level set to 777 I still cannot get the permalink to point to the correct page... See my discussion on this here. [URL]

I think what I need to do is change wordpress to use a user permission or a group permission and not "everyone". I would rather have wordpress setup to login as a specific user before it can write over a file.


Security :: Write A Script To Manage Daily Backup On A USB HDD?

Aug 13, 2010

I am about to write a script to manage daily backup on a USB HDD. The server that holds the data works 24 hours a day and therefore is seldom rebooted. I have 2 options:

OPT 1 : I mount the usb drive once and for all, and copy the data to it when I need to (twice a day, no more) and never unmount it. Except when the server is rebooted of course.

and OPT 2 : I mount the drive, copy the data and unmount it ASAP twice a day when the time has come to backup the data.


Security :: When To Give Write Access To Folders On A Web Server

Feb 3, 2011

on the following link [URL] section 2 says

Quote:

The following directories need to be readable, writeable and executable for everyone:

* dokeos/main/inc/conf/
* dokeos/main/upload/users/
* dokeos/main/default_course_document/
* dokeos/archive/

[Code].....

I am not at all convinced by the idea of giving permissions to read, write and execute as these Learning Management Systems say. Let me know what you people have to say. What is the best practise in such situations? I have to get all these LMS run on same web server.


Security :: Write A Shell Script Setup Policies?

Apr 14, 2011

Write a shell script setup linux security policies include:

1. password policy
2. User policy
3. firewall

Note: Create a file.sh from 1 to 3. purposes:

If (1) successful then 2 If (2) successful then 3 End


Programming :: Write A Shell Script To Set Security Policies?

Apr 13, 2011

I don't know how to write a shell script to set security policies for Linux to start. and how. I know that there are many security policies for Linux but do not know which one best suited to write a shell script.


Ubuntu Security :: Write Permission To Mounted File System?

Feb 1, 2010

I just found that I could perform write operation using a normal user account to a file system I mounted with the commands as followed:

sudo mount -t ntfs /dev/sda1 /mnt/disk/

This is the corresponding entry in the output of "mount" command:
/dev/sda1 on /mnt/disk type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096)

As far as I remember, when using a normal user account, I had to use "sudo" to perform any write operations (mkdir, rm, etc) to a device mounted using "sudo". But now it seems to be changed.

Do I remember wrong, or did Karmic have any updates change this setting? (I never manually changed user settings, except that I added a root user, but I never used it.)

OS: Karmic(up2dated)
Kernel: Linux stephen-laptop 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 16:20:31 UTC 2009 i686 GNU/Linux


Ubuntu Security :: Write Allowed Even AppArmor Forced In Firefox

Feb 28, 2011

I use Ubuntu 10.10 with encrypted home. I'm new with apparmor. My firefox-3.6.13 is now in enforce mode - with standard profile. With this profile it should have write access only to:
owner @{HOME}/Downloads/* rw,

But I can save files (with standard downloadmanager of firefox) e.g. in $HOME itself and I can't find any other rule, which could allow that. I have thing, that ecryptfs workaround just affects the eCryptFS "part of things" and limitations of normal filenames/paths (in mounted ecryptfs) are still possible. Why can firefox write elsewhere as in to ${HOME}/Downloads? I get also this in kern.log (but not by saving a file as wrote above):

Feb 27 05:49:30 duron650 kernel: [ 2284.886631] type=1400 audit(1298782170.190:4: apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/home/.ecryptfs/hugo/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVX6-OCUaSGk2nU5ADkJx.rdk--/ECRYPTFS_FNEK_ENCRYPTED.FWY1tHLaOszg1UQTPB2f1Zq7Xu 0xztwk9hVXFlmP1qlJBZ2eq7XFiWljUE--" pid=2209 comm="firefox-bin" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0

Why does Firefox try to write to it, and why does it fail even with the #13 workaround?
Feb 27 06:03:23 duron650 kernel: [ 3118.231818] type=1400 audit(1298783003.534:49): apparmor="DENIED" operation="open" parent=1782 profile="/usr/lib/firefox-3.6.13/firefox-*bin" name="/tmp/.X0-lock" pid=2304 comm="firefox-bin" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Why does Firefox try to access the X lock?


Ubuntu Security :: Read/write Access To MP3 Files In /usr/Music?

May 2, 2011

I had to reinstall Ubuntu (Natty) on a brand new computer, and while installing I set up the data partition to be mounted in /usr, but now I can't have access to files I put in there even if I set up the group/user permission! I can access /usr/Music but all files are locked.








Copyrights 2005-15 www.BigResource.com, All rights reserved